Le jeudi 24 septembre 2015 à 09:05 -0700, Vagrant Cascadian a écrit :
> On 2015-07-26, Paul Kocialkowski wrote:
> > In order to achieve reproducible builds in U-Boot, timestamps that are 
> > defined
> > at build-time have to be somewhat eliminated. The SOURCE_DATE_EPOCH 
> > environment
> > variable allows setting a fixed value for those timestamps.
> ...
> > However, some other devices might need some more tweaks, especially 
> > regarding
> > the image generation tools.
> With this patch, there is still variation based on timezone in any of
> the u-boot.img and u-boot-sunxi-with-spl.bin produced in the Debian
> packages:
>   https://reproducible.debian.net/rb-pkg/unstable/armhf/u-boot.html

Thanks for reporting this!

> The good news is that all the u-boot.bin targets are produced
> reproducibly, so here's to progress!

Good, that's a nice first step forward.

> I think the use of "time = mktime(time_universal);" is where the problem
> lies:


> According to the mktime manpage:
>        The  mktime()  function converts a broken-down time structure,
>        expressed as local time, to calendar time representation.  
> So my interpetation is that it's taking the UTC time and converts it
> into local time using the configured timezone... not sure what would be
> a viable alternative to mktime.

That seems to make sense. Come to think of it, it probably was not
necessary to call gmtime in the first place: if SOURCE_DATE_EPOCH is
always in UTC, we should be able to stick that as-is in the time
variable. At best, gmtime + mktime (assuming mktime working in UTC)
would give us back the same timestamp.

What do you think? Please let me know if I'm wrong.

> Running with the TZ=UTC environment variable exported works around the
> problem; not sure if it would be appropriate to always run with TZ=UTC
> when SOURCE_DATE_EPOCH is set...

Well that's too much of a workaround to be a reliable solution for the
long term, IMHO.

Paul Kocialkowski, Replicant developer

Replicant is a fully free Android distribution running on several
devices, a free software mobile operating system putting the emphasis on
freedom and privacy/security.

Website: https://www.replicant.us/
Blog: https://blog.replicant.us/
Wiki/tracker/forums: https://redmine.replicant.us/

Attachment: signature.asc
Description: This is a digitally signed message part

Reproducible-builds mailing list

Reply via email to